Optimal Security : the Lumension Blog


Operating System Vulnerabilities Catch a Break with Sophisticated Attacks Growing for Applications

In general there are few “Facts of Life” that are accepted because there is an abundance of supporting data – hence, they simply cannot be disputed. Below are half a dozen “Facts of Life” I use in my own life that I’m happy to share:
1. If I smoke cigars or cigarettes it will have a [...]

Attacks on S. Korean and US Websites - a Wake Up Call to Ramp up our Cybersecurity Efforts

Over the 4th of July weekend, a widespread and unusually resilient virus attack brought down the Web sites of several federal government agencies, some believed to be responsible for fighting cyber crime.  This type of attack, as the AP article indicates, is not all that difficult to launch but it represents a nuisance in most [...]

MyDoom Virus Returns with a Vengeance - DDoS Attacks on US and S. Korean Web Sites

An updated virus (MyDoom), not a botnet, is responsible for the DDoS attacks against US and South Korean websites this past weekend. The virus, discovered back in 2004, has been updated to include a list of websites that become targets of a DDoS attack as the virus spreads.
The list of Web sites can [...]

Profile of the World’s Top Hackers - How the Game has Changed

My take:

New Internet-based technologies bring new opportunities for the bad guys.
The growth of the applications we use has gone from dozens to nearly 1,000.
The losses are huge, and while the top-line number is disputable, no one can argue that cybercrime losses have reached previously unforeseen levels.
Regardless of whose survey you read, the majority of respondents [...]

iPhone 3.0 is Here! Upgrade ASAP for Security Sakes!

The iPhone community has been impatiently waiting for the release of iPhone 3.0 software since Apple’s WWDC event in early June.  Now that it is here, they should upgrade ASAP!  Along with the upgrade comes an Apple security announcement that there are 38 separate vulnerabilities in the previous versions of iPhone OS for iPhones and [...]

Are PCI Requirements Losing their Bite?

It’s been long discussed in the industry that the requirements for PCI compliance were woefully inadequate and some have gone as far as suggesting that PCI be replaced with some form of an independent governing body that would actually raise the standard rather than simply appeasing the vendors to become compliant.
One of the hot topics [...]

Vulnerability in DirectX Actively Being Used in Drive-By Hacking

A vulnerability involving a DirectX component of Microsoft’s Windows QuickTime Parser is facilitating current drive-by hacking incidents. It is reported that the vulnerability is automatically being activated without user intervention when a user simply browses a website that contains a maliciously crafted QuickTime file and can provide the hacker with complete control over the compromised PC.
Windows [...]

Has Whitelisting Reached the Tipping Point in Endpoint Security?

McAfee, one of the largest AV vendors in the security space, recently acquired Solidcore Systems, a company that sells dynamic whitelisting technology, in a $47 million deal that would add whitelisting capabilities to McAfee’s current product portfolio. While this comes as no surprise, this move by McAfee is just the tipping point for the [...]

New Microsoft IIS 6 Issue Could Become a Nightmare for IT Professionals

While Microsoft may believe that its Internet Information Services 6 Web-server software issues are only limited to a data leakage issue and not necessarily a larger immediate threat, Microsoft should consider other aspects of this issue and accelerate a solution to protect the community at large.
The Bigger Picture
At first glance, the issue with IIS 6 [...]

The State of Digital Cyber Warfare: What’s Next?

A Q&A with Pat Clawson and Mike Jacobs
As the nation’s cyber defenses continue to face attack by sophisticated, well-organized efforts to disrupt vital systems and steal critical, confidential information, our government is facing greater pressure to create a governing body that can establish and enforce mandates to protect critical networks and systems. Cyber criminals have graduated [...]




